[jboss-user] [Security & JAAS/JBoss] - Re: need advice

kosl do-not-reply at jboss.com
Wed Sep 13 16:30:54 EDT 2006


Well, I think it needs integrating since the results of authentication done by securityfilter must be "caught" by JBoss web layer and ejb layer. I tried to describe my problems http://www.jboss.com/index.html?module=bb&op=viewtopic&t=90372.
but I got no answer.

I guess the problem lies in this method:



  | 	public Principal authenticate(String username, String password) {
  | 		try {
  | 			SubjectSecurityManager subSecMgr = getSecurityManager();
  | 			SimplePrincipal p = new SimplePrincipal(username);
  | 			char[] pChars = password.toCharArray();
  | 			if (subSecMgr.isValid(p, pChars)) {
  | 				SecurityAssociation.setPrincipal(p);
  | 				SecurityAssociation.setCredential(pChars);
  | 				return p;
  | 			}
  | 		} catch (Exception e) {
  | 			log.debug(e);
  | 		}
  | 		return null;
  | 	}
  | 

SecurityAssociation is not in the API and since this code is quite old I guess it simply doesn't work any more with the new version of JBoss.

Thank you very much for your help so far ;-)

k.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3971390#3971390

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3971390



More information about the jboss-user mailing list